“On April 8, 2014, Microsoft will end support for the decade-old Windows XP. This means you will no longer receive updates, including security updates, for Windows XP from Microsoft. Support of Microsoft Office 2003 will also be ending on the same date.” – Microsoft website Feb 2014
There’s a lot of coverage in the press at the moment about Microsoft ending support for Windows XP and Office 2003. Much of it makes the point that, without security updates, the software will be open to hacking, further viruses and security incidents. However, security firms have confirmed that they will continue to update their products for the XP platform, causing some confusion.
I think this is leading a lot of businesses to think that they will “get by” with the XP machines. I was watching the news last night featuring the storms on the TV, and they cut over to their “disaster centre”, which was a government office somewhere in London, and lo and behold every PC screen showed the classic Windows XP logon screen.
It is estimated that 50% of businesses in the UK still have Windows XP running on some or all of the machines they use.
So, if businesses haven’t started to get rid of XP by now with only 7 weeks to go, I think they’re going to be keeping it – completely aware of the fact that no further security patches will be issued by Microsoft. However, any business that adopts such a policy and takes credit cards should be aware that they will not pass their next PCI DSS audit.
It’s pretty clear on the audit form that you cannot use any software that cannot be updated if a security issue is detected. Windows XP will fall firmly in that category from April 9th. I’ve seen actual cash dispensers running on Windows XP in service stations recently, so quite how companies will get round that little fact is beyond me, although I think they would be open to massive fines if anything fraudulent subsequently occurred.
Microsoft haven’t helped the issue though, with a blog last week recommending that the best way to resolve the issue is to “buy a new PC”. That doesn’t really resolve the legacy issue now that Windows 8 no longer ships with the XP legacy mode (provided in Windows 7) that allows you to run old XP-compatible applications in a hypervisor. You need to get a copy of Windows 7 if you need this, so you’re already buying a machine with a shorter life-cycle again.
I’m lucky in that the only place XP resided was on a few call-centre machines that have now all been replaced with newer desktops. It has, though, left me with a number of desktop machines that I no longer require but that won’t run Windows 7 due to their specification, so I’m looking for an OS that may actually work on these machines that IS secure, just in case there’s a way to re-utilise the hardware within the business.
One thing is clear though: businesses review ALL the options, and maybe that’s a non-Microsoft route in the end, which is definitely a bit of an own goal on Microsoft’s behalf.