Windows XP Nears Endgame

By: (CISSP, CISA)

Publication: VACB (Virginia Association of Community Banks)The Community Banker , Autumn 2013

The Community Banker, Autumn 2013 On April 8, 2014, Microsoft will cease support for Windows XP, a flagship desktop operating system for Microsoft since 2001. This endgame should not come as a surprise to IT managers because the Windows XP end of support date has been well publicized for years. That said, over the past several months I have visited a number of companies that still have Windows XP machines and have not created action plans for migrating off this popular platform. According to Net Applications, as of July 2013, Windows XP still holds just over 37% of the desktop operating system market share, with only a 4% drop since September 2012. These numbers roughly agree with what I am seeing out in the field.

Overall, the XP platform has serviced business well through the years, and we’ve become comfortable with its features, usability and performance. This, plus the expense and training required to migrate, can make the transition to a new operating system a distressing experience.

The end of support by Microsoft has two major consequences:

  • The operating system will no longer receive software updates from Microsoft that are designed to improve functionality and fix security issues. The inability to fix security vulnerabilities is a big problem because unpatched machines effectively lower the security posture of an entire network. And, you can expect a wave of XP-focused exploits following the April 8, 2014, date because it’s highly likely the worldwide XP market share will still be roughly 30% as the endgame arrives. That presents a very large, unprotected target for today’s cyber criminals.
  • Machines will suffer from lack of support from independent software vendors and hardware manufacturers. If you are running third party software designed for Windows XP, you will likely lose XP support from those vendors. Your software will continue to run, but vendors will cease to support the software at some point in time in order to focus on supported operating systems. Also, new hardware such as printers and external hard drives may no longer be compatible with XP due to lack of continued driver support.

Home users are particularly vulnerable because they are less likely to upgrade operating systems regularly. The mantra, “If it isn’t broken, leave it alone” applies. The problem is: many users will not recognize they have a problem that needs attention. Also, many people now use tablets; which brings up a new conundrum. Do I really need to upgrade my PC if I only use it for tasks that I cannot complete on a tablet? Amol Sarwate, director of Vulnerability Labs for Qualys, says that many home users who purchase a tablet may still have XP-based PCs still kicking around their homes. For financial institutions, this may become a burgeoning issue as customers who conduct Internet banking transactions on their outdated computers will be more susceptible to security problems. It might be a good idea for financial institutions to warn customers of the dangers of not updating their XP operating systems. It could be as simple as a message on the institution’s website, as long as it’s not buried where customers do not see it.

So, what are the choices to replace XP? The most popular choice according to market share is Windows 7, which currently holds a 44% share. Windows 7 works well with most business applications and uses the traditional Microsoft desktop interface, so less training is required during transition. Also available is Windows 8, which has received its fair share of criticism lately. Windows 8 market share is only 5.4% and adoption has been slow; mostly due to major changes in the familiar desktop interface. If you haven’t used Windows 8 yet you are in for a treat, or headache, depending on your perspective. Windows 8 is the first Microsoft operating system that tries to bridge the functionality of traditional workstations and tablets. This major shift makes it a little difficult to operate upon first use. For example, the venerable Start button has been moved from its traditional lower left location to a hidden location that requires users to execute a finger swipe or mouse click along the right-hand edge of the screen. On that note, most Windows 8 functionality is found by finger swiping or mouse pointing along an edge or corner of the screen. Additionally, the main interface is now an arrangement of large tiles that represent various programs. In a nutshell, there’s a steep learning curve.

Then again, there’s always Apple.

Desktop Operating System Market Share (as of July 2013)
Desktop Operating System Market Share (as of July 2013)
Source: netmarketshare.com