Windows XP: The end is nigh

The end-of-support deadline for Windows XP, heavily publicized since 2007, is upon us, and hundreds of millions of PCs still run the OS

1 2 3 Page 2
Page 2 of 3

"XP has been supported for a long time. We need customers to move off of it because of the security. XP gets less secure every year," Murphy said.

The Microsoft official also points out that, beyond the security dangers, businesses also sacrifice productivity. More and more, third-party software vendors will stop supporting the XP versions of their applications, while fewer and fewer hardware devices -- PCs, printers, peripherals -- will work with it. Windows XP also lacks the substantial technology improvements for end users and IT departments Microsoft has delivered with the OS editions that came after it. "XP was great in its day, but its time has passed," Murphy said.

Options for mitigating the risk

There are a variety of reasons why Windows XP remains in businesses, including ignorance about the risk, unwillingness to spend to upgrade and the existence of important applications that haven't been ported to newer versions of the OS.

David Johnson, a Forrester Research analyst, said he has been fielding many inquiries from companies that are struggling to move completely off of Windows XP because they need it to run custom applications built in-house for the OS or by software vendors no longer in business.

David Johnson, Forrester Research analyst
David Johnson, Forrester Research analyst

Gartner has also been hearing from many frazzled IT chiefs. "We have a lot of organizations calling us every day asking us what to do," Silver said.

Whatever the reasons, businesses that will have PCs on Windows XP for the foreseeable future must take steps to reduce the risk of using an unpatched OS. "Organizations that haven't done anything regarding their Windows XP PCs could be in serious trouble," Silver said.

Large organizations with deep pockets have the option of buying extended support from Microsoft, but this alternative is affordable and available only to a small number of companies.

For most other businesses, recommendations from experts such as Directions on Microsoft and from Microsoft's security team focus on two main areas: securing Windows XP itself as much as possible, and limiting what these PCs can do within corporate networks and on the Internet.

Securing Windows XP includes making sure that it's on the most recent SP3 version, that all available patches and updates have been applied to it, and that a full-featured security suite with antivirus and firewall is installed and current on the PC. User rights on these PCs should be downgraded, so that they don't have administrator privileges.

It's also important to use Windows XP with browsers that still support it, such as Google's Chrome and Mozilla's Firefox, and not with IE8, which is also falling out of the update cycle. Unnecessary and insecure browser add-ons, controls and plug-ins should be uninstalled.

Businesses should also consider disabling or blocking access to the USB ports on these PCs to prevent malware infections via external peripherals such as flash drives. "Connecting removable storage devices to Windows XP systems should be avoided," wrote Tim Rains, a director in Microsoft's Trustworthy Computing group, in a blog post in late March.

It's also key to place limits around Windows XP machines so that they can only access specific applications, data and resources on their business' internal network, and can only be used to visit hand-picked external websites. One way to constrain and isolate Windows XP is to run the OS in virtualized environments. End users shouldn't be allowed to connect to the corporate network using home Windows XP PCs.

1 2 3 Page 2
Page 2 of 3
Shop Tech Products at Amazon